Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13C7354319729757B40BBD4C1AE25077B73B3F50AC6930651A7FCC3992BC8D48AD2293A |
|
CONTENT
ssdeep
|
384:CD63IuQxksCgj6gO6Nmd8u3v/jwxCe5rX8HsM6uhwF3qgMVPf3gMVshu+kVh6eDu:C4It/OgO6NsclrqsIh2agMxgMpA4u |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e36b949c29bd94c2 |
|
VISUAL
aHash
|
e3e1e181e1ffffff |
|
VISUAL
dHash
|
4b4b0b0b0b300f0c |
|
VISUAL
wHash
|
e181e181e1dfc3c7 |
|
VISUAL
colorHash
|
07c40000000 |
|
VISUAL
cropResistant
|
4b4b0b0b0b300f0c,0f0f4f4f4f0f6d39,0101030181835353,fbbee7c1f1f8fef8,5b49239964a6bd1d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 58 techniques to evade detection by security scanners and make reverse engineering more difficult.